Updated: 2025-01-23 SBOM Central

This chapter contains information about the web pages in SBOM Central.

Updated: 2024-09-29 SBOM Central

This page contains legal information about MAIA Software, and can be opened from the Settings menu.

Tabs:

  • Licensing Information: license information from included software.
  • General terms of use.
  • Privacy Policy.

Updated: 2024-11-26 SBOM Central

An API token is used to secure and authenticate access to an API.

When a valid token is provided, the API server grants the appropriate level of access. The request is rejected if the token is invalid or lacks necessary permissions.

This is a page where all tokens belonging to the user are listed. On the page, you can Create, Reveal, and Delete tokens.

Reveal can only be performed once per token.

Updated: 2025-01-21 SBOM Central

The CWEs (Common Weakness Enumeration) menu page is an index page listing the currently most dangerous software weaknesses. The list is published yearly by MITRE (external link), and each weakness type gets a score (0-100).

Upload button

  • Upload an updated CWE JSON file. The file may be downloaded from the SBOM Central Support web, if logged in.

Information box

  • Date: Date of weakness listing.
  • Origin: Origin of information.
  • Web: Web address of origin.

Priority setting.

  • Min: lowest score, start of lowest priority.
  • Medium: start score of medium priority.
  • High: start score of high priority.
  • Top: start score of top priority.
  • Max: highest score possible.

Table

Header | Description
Identifier | CWE identity and a link to detailed information at the MITRE home page.
Score | Severity score
Priority | A priority level is indicated with a colored thermometer (see below).
Description | Short description.


Priority

  • Black: Top < Score < Max
  • Yellow: High < Score < Top
  • Green: Medium < Score < High
  • Light blue: Min < Score < Medium
  • -- : No priority set for this weakness

Updated: 2024-10-07 SBOM Central

Environments hold environment information related to SBOMs, etc., with the ability to connect variables to tags.

Index page

The index page lists all available environments.

Table description
Heading | Description
Name | Identity of the environment.
Comment | Additional information.
Tags | Tags associated with the environment.


Filters
Filter by | Description
Search | Search table info.
Tags | Filter by tags



Show page

The show page presents information about one specific environment.

Table description
Heading | Description
Name | Identity of the environment.
Uuid | Uuid identity
Comment | Additional information
Tags | Tags associated with the environment.


Button

Push the button to open an edit dialog window.



History

The history tab contains a list of changes made on the environment data.

Table description
Heading | Description
Change | Change information
Created at | Date
User | Created by "user"


Filter by | Description
Search | Search table info.
From date | From date
End date | End date


Updated: 2024-12-12 SBOM Central

Updated: 2024-12-12 SBOM Central

Updated: 2024-12-18 SBOM Central

The permission "Create/update/destroy license types" is needed to change license type data, i.e. edit Template text, activate Template, edit Information box text, etc.

A license type is a software license shared by multiple software components.

The purpose of the license type pages is to collect information about all types that are present in the development process to support automation of the license management workflow.

License type index page

Contains a list of all license types defined in SBOM Central.

Table description
Heading | Description
Name | The explanatory license type name.
SPDX identifier | A standardized identifier defined by SPDX (external link).
Name patterns | License names that will automatically be assigned to this license type.
Template | A template text for the license type (expandable).
Approvals | Status of existing approvals: a blue icon indicates that approved texts exist, a grey icon indicates that undecided texts exist, and a red icon indicates disapproved texts.

Filter
Filter by | Description
Search | Search the Name of a type.
Filter by text approval | Filter types approved/not approved

Create button

Push the create button to open an empty pop-up editing window to create a new license type.


License type show page

Each license type has a show page:

Top box
Box | Description
Status box | Displays the numbers of licenses to analyze and decide on.

Information box
Attribute | Description
SPDX | The SPDX (external link) identifier.
Recommendation | Recommendation setting for use of software with this license type: Approve/For internal use only/Deny.
Permissiveness | Public domain/Permissive/Weak copyleft/Copyleft/Proprietary.
Name patterns | License names that will automatically be assigned to this license type.

Buttons
  • Edit (on top of information box)
  • Delete, to delete the license type.

The Edit button opens a pop-up window to edit template configurations and content:

Attribute | Description
Name | The name of the license type
SPDX identifier | The SPDX (external link) identifier.
Name patterns | License names that will automatically be assigned to this license type. The selection box is editable.
Recommendation | Recommendation setting for use of software with this license type: Approve/For internal use only/Deny.
Permissiveness | Public domain/Permissive/Weak copyleft/Copyleft/Proprietary.
Use template | Activate the template. Opens a text field for adding template text.
Template | Template license text.

Licenses

The Licenses tab contains a list of artifacts using this license type. Each artifact name includes a link to open the artifact show page.

Kind | Description
Name | A name for the license used by the artifact (individual per artifact).
Artifact | Artifact using this license type, including a link to the artifact show page.
Text | The unique license text included in the artifact or retrieved from a link (expandable).
Created at | Created date in SBOM Central
Updated at | Update date
Source | Sbom/Link/Manual, source of license text.
Approval | Setting: text is Approved/Undecided/Not approved.
Ignore | Active when license is ignored by system.
Edit button | Push to edit license name, type, approval and ignore.

Template text

The Template text tab contains:

  • The template text area where a standard license type text can be viewed. This template text will be used when comparing any license text to this license type.


History

The History tab contains a list of changes performed for this license type.

Updated: 2024-12-18 SBOM Central

Notifications in the WebApp are a list of significant events helping users to manage news and alerts.

Each user's notification list is individually populated, depending on selections and privileges. The user may tick off each notification as a confirmation.

Table
Name | Description
Text | Notification description
Object | Target object
Created at | Date and time
User | by user
Confirmed | x = not yet confirmed by the user, date = confirmed with date.


Notifications are activated for:
  • Creating a delivery report.
  • Updating a delivery report.
  • Changes in vulnerability status.

Updated: 2024-12-18 SBOM Central

The Products page contains a list of all products registered in SBOM Central.

What is a product? When an SBOM is registered in SBOM Central, the CycloneDX standard identifies the application in two sections: metadata :: component :: group, where the group often is a shortened, single name of the company or project that produced the component, or the source package or domain name; and metadata :: component :: name, the name of the component. The Product identity is set to be the combination of the mentioned group (vendor) and name.

Updated: 2024-12-06 SBOM Central

  • A Software Bill of Materials (SBOM) is a document that lists all the software components that are used in a particular software product or application, including both proprietary and open-source components, as well as their version numbers, dependencies, and origins.
  • SBOMs (Software Bill-of-Materials) may be uploaded to the WebApp manually or through the RestAPI.

Content:

  1. SBOMs index page
  2. SBOMs show page
  3. Comparison tab
  4. Deliveries tab
  5. Vulnerabilities tab
  6. External artifacts tab
  7. Licenses tab
  8. BOMs tab
  9. SBOM data tab
  10. History tab

Updated: 2024-11-26 SBOM Central

Definition: A team is a group of people who perform interdependent tasks to accomplish a common mission or specific objective.

The purpose of a team is to limit the access users have to data in WebApp so that the work of different teams can be separated from each other.

Content:

  1. Teams index page
  2. Teams show page
  3. Members tab
  4. Team permissions tab
  5. Components tab
  6. History tab

The team contains:

  • Members (Users).
  • A set of permissions.
  • Access to a set of components.

A user can be a member of one or more teams.

A user can switch between teams to access different subsets of information. This allows multiple teams to work in the WebApp simultaneously without creating conflicts.

The team root is a mandatory team used for administrative purposes in the WebApp. By default, the root team is granted all admin permissions.

Updated: 2024-12-10 SBOM Central

Content:

  1. Vulnerabilities index page, lists all vulnerabilities registered in SBOM Central
  2. Vulnerabilities show page, vulnerability main information page containing all tabs listed below:
    1. Analysis tab, lists all analyses.
    2. Affected software tab, lists all affected artifacts, SBOMs, products, deliveries and tags.
    3. NVD tab, contains vulnerability data from NVD.com.
    4. OSV tab, contains vulnerability data from OSV.dev.
    5. Temporal metrics tab, CVSS 3 temporal metrics alterations page.
    6. Exploit probability tab, contains general exploit information, Known Exploited Vulnerabilities catalog, EPSS and Cyber threat Intelligence.
    7. Fixes tab, known automated fixes.
    8. VEXs tab, lists all VEX reports generated from the current vulnerability.
    9. History tab, change history.